Config file
cipr config file can be found at:
For Linux systems: ~/.config/cipr/cipr.toml
For MacOS systems: ~/.config/cipr/cipr.toml
The file is created automatically on first run with the default endpoints below:
# cipr config. Override per-provider data sources here, or pass --source on
# the command line. For each provider:
# <provider>_endpoint = URL fetched when --source=hosted (the default)
# <provider>_local_file = if set, read ranges from this path instead of the network
# <provider>_cache_ttl = how long to reuse a cached hosted response. Go duration
# string ("24h", "30m"). "0s" disables caching for this
# provider; defaults to 24h if unset or unparseable.
aws_endpoint = "https://ip-ranges.amazonaws.com/ip-ranges.json"
aws_local_file = ""
aws_cache_ttl = "24h"
azure_endpoint = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
azure_local_file = ""
azure_cache_ttl = "24h"
cloudflare_ipv4_endpoint = "https://www.cloudflare.com/ips-v4/"
cloudflare_ipv4_local_file = ""
cloudflare_ipv4_cache_ttl = "24h"
cloudflare_ipv6_endpoint = "https://www.cloudflare.com/ips-v6/"
cloudflare_ipv6_local_file = ""
cloudflare_ipv6_cache_ttl = "24h"
digitalocean_endpoint = "https://digitalocean.com/geo/google.csv"
digitalocean_local_file = ""
digitalocean_cache_ttl = "24h"
icloud_endpoint = "https://mask-api.icloud.com/egress-ip-ranges.csv"
icloud_local_file = ""
icloud_cache_ttl = "24h"
Config options
cipr will get IP ranges from sources defined in this config unless it is overridden with the --source flag.
You can set local or hosted sources for IP ranges.
If defined, *_local_file will always take precedence over *_endpoint!
| Field | Description | File type | Required |
|---|---|---|---|
aws_endpoint | Hosted endpoint for aws command. | JSON | 👍 |
aws_local_file | Local file for aws command. | JSON | ❌ |
azure_endpoint | Hosted endpoint for azure command. Either the Microsoft download page (cipr scrapes the latest ServiceTags JSON URL from it) or a direct ServiceTags JSON URL. | HTML or JSON | 👍 |
azure_local_file | Local file for azure command. | JSON | ❌ |
cloudflare_ipv4_endpoint | Hosted endpoint for cloudflare command. IPv4 IP ranges. | TXT | 👍 |
cloudflare_ipv4_local_file | Local file for cloudflare command. IPv4 IP ranges. | TXT | ❌ |
cloudflare_ipv6_endpoint | Hosted endpoint for cloudflare command. IPv6 IP ranges. | TXT | 👍 |
cloudflare_ipv6_local_file | Local file for cloudflare command. IPv6 IP ranges. | TXT | ❌ |
digitalocean_endpoint | Hosted endpoint for do command. | CSV | 👍 |
digitalocean_local_file | Local file for do command. | CSV | ❌ |
icloud_endpoint | Hosted endpoint for icloud command. | CSV | 👍 |
icloud_local_file | Local file for icloud command. | CSV | ❌ |
<provider>_cache_ttl | How long to reuse a cached hosted response. Go duration string (24h, 30m). 0s disables caching for that provider. Defaults to 24h if unset or unparseable. | Duration | ❌ |
Caching
When fetching from a hosted endpoint (the default), cipr caches the response on disk and reuses it on subsequent runs until the per-provider TTL expires. This keeps repeated invocations (scripts, cron jobs, CI) fast and avoids hammering provider endpoints.
Cache location:
$XDG_CACHE_HOME/cipr/ifXDG_CACHE_HOMEis set~/.cache/cipr/otherwise
One file per source (e.g. aws.cache, cloudflare_ipv4.cache). To wipe the cache, delete the directory.
TTL: controlled per provider via the <provider>_cache_ttl config key (see the table above). Default is 24h. Set to 0s to disable caching for that provider.
When the cache is bypassed:
--no-cacheflag (one-off, skips both read and write — see Global Flags)--source <url>or--source <path>(custom sources never use the cache)<provider>_local_fileis set in the config (the local file is the source of truth)<provider>_cache_ttl = "0s"in the config
If you change a <provider>_endpoint and want the cached entry from the old endpoint discarded, run the command once with --no-cache (or delete the matching .cache file).